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DETAILED ACTION 

1 . Claims 1 -2, 4-1 0, 1 2-1 8, and 20 are pending. 
Claims 3, 1 1 , and 1 9 are cancelled. 



Response to Arguments 

2. Applicant's arguments filed 9/15/08 have been fully considered but they are not 
persuasive. 

Regarding the 112. 1- paragraph argument on pg.6 : pointing to the specification (pg.6) 
proving the new subject matter is originally filed. The specification states the environment 
controls a token (master or delegate) if that environment is the only environment that is given 
access to that token. Thus, express the token can be master or it can be delegate token and 
not only to delegate. Specification discloses the token can be master or delegate that a user 
input the token into the environment and there is correspondence between environments and 
tokens. This implicitly discloses the token whether master or delegate can be inputted and 
communicated between environments. The token of delegated environment can be given as 
belonging to a particular environment that is acknowledged or authorized access in that 
environment. A master token can be a token that has overall or total access or authorization 
(full ownership functionality/capabilities) versus a delegate token that is more limited or partial 
as disclosed by specification on pg.7, lines 25-30. Nowhere does it limit that the delegate 
token is communicated but yet the master is not communicated. Thus, examiner does not 
agree with applicant argument (pg.7) that it is defined or even suggested that the master 
token would no longer be a master token if it was communicated to a delegated environment 
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and unclear what applicant means by the delegated environment no longer a delegated 
environment. 

Regarding the 112. 1- paragraph argument on pq.7: Examiner finds applicant's 
reasoning and evidence of the master token is not communicated a contradiction. Innuendo, 
that the master token is not communicated because like applicant points out in the 
specification that an environment controls a token (master or delegate) if that environment is 
the only environment that is given access to that token and wouldn't be a master token if 
communicated to a delegated environment. Then, looking at the claimed reciting that "the 
delegate token is communicated to a delegated environment" and specification discloses 
correspondence between environments and tokens (master or delegate). Thus, the question 
arises as to how and why can a delegate token be communicated to a delegated environment 
if the statement in specification are defined (as noted on pg.7) as the token (master or 
delegate) not communicated since the it's the only environment given access to that token. If 
that statement applies to a master token then it should apply to delegate token as well 
because the delegate token only have limited or partial ownership capabilities and that the 
token (as discussed above) can be the master or delegate. And if a delegate token have 
authority at one environment then the master can also have authority to the same 
environment since the master token as full ownership functionality. Thus, "an environment 
controls a token (master or delegate) if that environment is the only environment that is given 
access to that token" does not read on applicant's interpretation that the master token no 
longer a master token if communicated to a delegated environment because applicant have 
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not proven the master token only belonging to a particular environment without being 
transmitted or communicated. 

It is noted that applicant asserted that written description requirement of 35 USC 112, 
para. 1 for each claim limitation must be expressly, implicitly or inherently supported in the 
original filed disclosure. It Is also noted that applicant cited that "one ordinary skill In the art at 
the time would have understood that user input of a token to an environment Is a form of 
communication of the token to the environment." It is clear that this statement is expressly, 
implicitly or inherently supporting the claim "wherein the delegated environment is an 
environment to which the master token is not communicated." 

Regarding the 1 12. 1- paragraph argument on pg.8: that the master token being Inputted 
by a user to a delegated environment would no longer be a delegated environment. Again, 
examiner finds this unsupported and not defined by the specification. The same reasoning in 
examiner's response above applies to this argument. 

Therefore, claims 1-2, 4-10, 12-18, and 20 remains rejected under 35 U.S.C. 112, first 
paragraph. 

Regarding argument on pg.9: that Lambert does not expressly or inherently disclose the 
claimed wherein the delegated environment is an environment to which the master owner 
token Is not communicated. Applicant argues that the lack of suggestion In Lambert Is not an 
Inherent and explicit disclosure. Claims 1-2, 4-10, 12-18, and 20 are rejected under 35 
U.S.C. 103(a) as being unpatentable by Lambert in view of Challener. Like the master and 
delegate tokens as described in the specification (pg.6-7), Lambert suggests that the parent 
token (master token) is not communicated because focuses on the access and privileges for 
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restricted token that is able to be communicated for an execution environment in wliicli it will 
run (col.4, lines 1-20) and the parent token having more rights and ability to modify restricted 
token (col.22, lines 32-50). Lambert also discusses returning a token to associate with a file 
to the software function where if a token is returned, it may be the parent token (unchanged) 
if no restricted execution environment is required by the rule or a restricted token that 
establishes a restricted execution environment/context for the processes of the software file 
(col. 16, lines 9-24). While a lack of suggestion is not inherent or explicit but Lambert's tokens 
reads on the claimed invention based on information provided in the specification. 

Regarding argument on pq.10: Challener is relied on to disclose a Trusted Platform 
Module and that Lambert and Challener combination does not disclose the delegated 
environment is an environment to which the master owner token is not communicated. As 
discussed above, Lambert reads on the master owner token is not communicated but 
Lambert did not include a TPM. Thus, Lambert is combined with Challener where it would 
have been obvious for a person of ordinary skills in the art to teach of a trusted platform 
module (TPM) because using a security chip decrease the exposure to brute force attacks 
and enforces protection against hardware hammering (Challener - col.3, lines 24-26 and 
col.4, lines 18-19). 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 1 1 2: 

The specification sliall contain a written description of the invention, and of the manner and process of mailing and 
using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or 
with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by 
the inventor of carrying out his invention. 
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4. Claims 1-2, 4-10, 12-18, and 20 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention. 

Claims 1, 9, and 17 recites wherein the delegated environment is an environment to 
which the master owner token is not communicated. This is new subject matter that was not 
originally filed nor supported by the specification. Specification discusses the delegate owner 
token being communicated and partial functionality that is unable to modify master owner 
token. Whereas, the master owner token have full owner functionality that have the ability to 
modify the MOT and the ME may generate the MOT when the ME is first executed by the 
computer system [0021 + 0023]. However, specification does not limit the claimed the 
delegated environment is an environment to which the master owner token is not 
communicated. 

All dependent claims are also rejected by virtue of their pendency. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set forth in section 
1 02 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the 
subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 
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5. Claims 1-2, 4-10, 12-18, and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable by Lambert, et al. (US 7,134,138), in view of Challener, et al. (US 
7,194,762). 
As per claim 1 : 

Lambert discloses a method of managing autliorization tol<ens witliin a computer 
system comprising: 

creating a master owner token indicating a management environment lias full 
ownership [of a trusted platform module] w'Ah'm the computer system; (col.7, lines 55-57) 

creating a delegate owner token for a delegated environment (col. 8, lines 10-26 and 
40-67 and col. 22, lines 40- 45) . wherein the delegated environment is an environment to 
which the master owner token is not communicated : (col.4, lines 6-17 and col. 14, line 46 - 
col. 15, line 20) 

communicating the delegate owner token, to the delegated environment; and (col.9, 
lines 5-15 and col.22, lines 46-50) 

allowing the delegated environment access [to the trusted platform module] when the 
delegated environment presents the delegate owner token to the [trusted platform module]. 
(col.3, line 66 - col.4, line 5 and col.1 1 , lines 5-35) 

Lambert discloses the claimed master owner token as the parent or normal access 
token that have the ownership or privileges that a restricted token does not. The claimed 
delegate owner token is given as a restricted token that have restricted access or privileges 
removed relative to its parent token (col.4, lines 5-15 and col.7, lines 54-57). Lambert 
explains the restricted token is derived from a parent token comprises a reduced subset of 
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access rights/privileges relative to its parent tol^en by altering (lessening) the access rights 
(col .8, lines 40-67). Lambert discloses the restricted access token have restrictions which 
have certain rights or privileges to determine whether software can run and the executing 
environment in which it will run (col.3, line 66 - col.4, line 18). This shows the restricted token 
is associated with each process which is the claimed environment and enables restricting 
actions by possibly executable software content (col.9, lines 5-15 and col.1 1 , lines 5-35). 
Lambert also discusses returning a token to associate with a file to the software function 
where if a token is returned, it may be the parent token (unchanged) if no restricted execution 
environment is required by the rule or a restricted token that establishes a restricted 
execution environment/context for the processes of the software file (col.1 6, lines 9-24). 
Thus, Lambert does not suggest the parent token is communicated to the delegated 
environment since the focus is the restricted token that is associated to a process/software. 
Hence, Lambert reads on the claimed creating a delegate owner token for a delegated 
environment wherein the delegated environment is an environment to which the master 
owner token is not communicated. However, Lambert did not include a TPM. 

Challener discloses a method and system for improved security password-based 
access to computer networks. The system comprises a server where the server comprises a 
security chip (col. 2, lines 45-49). The invention comprises a security chip, such as a Trusted 
Platform Module (TPM) where a phrase is signed by the security chip using an encryption key 
assigned either to the remote user or the security chip (col.2, lines 16-18 and 28-32). The 
security chip comprises encryption keys, such as a public key/private key pair assigned to the 
chip (col.2, lines 51-53). Challener discloses a remote user request access to the computer 
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network by providing an ID and password to the server (col .3, lines 4-7). The password is 
according to the remote user and for access to the server. Challener discloses the system 
comprising a server (delegated environment) and the remote user password (delegate owner 
token) where the user's password is given to the server and to the security chip (TPM), rather 
than the master token being given to the server (col.4, lines 57-59). Further, Challener 
teaches using a security chip further decreases the exposure to brute force attacks and such 
TPM allow only certain number of unsuccessful entries of a password before a user is locked 
(col .3, lines 24-26). So the user of the security chip enforces protection against hardware 
hammering (col.4, lines 15-19). 

Therefore, it would have been obvious for a person of ordinary skills in the art to 
combine the teachings of Lambert with Challener to teach of a trusted platform module (TPM) 
because using a security chip decrease the exposure to brute force attacks and enforces 
protection against hardware hammering (Challener - col.3, lines 24-26 and col.4, lines 18-19). 

As per claim 2: See Lambert on col.7, lines 26-55; discloses the method of claim 1 , further 
comprising storing the master owner token in a secure storage within the computer system. 
As per claim 3: Cancelled 

As per claim 4: See Lambert on col.8, lines 10-26 and 40-67 and col. 22, lines 40- 45; 
discloses the method of claim 1 , wherein creating the delegate owner token comprises the 
management environment sealing the delegate owner token to the delegated environment. 
As per claim 5: See Lambert on col.4, lines 5-15 and col.8, lines 40-67; discloses the 
method of claim 1 , further comprising wherein the master owner token indicating the 
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management environment can change at least one of the master owner token and a delegate 
owner token. 

As per claim 6: See Lambert on col.9, lines 5-1 5 and col. 11 , lines 5-35; discloses the 
method of claim 1 , further comprising launching the management environment and then 

launching the delegated environment. 

As per claim 7: See Lambert on col.9, lines 36-67; discloses the method of claim 1 , further 
comprising storing the delegate owner token in an access control list in the resource. 
As per claim 8: See Lambert on col.9, lines 36-67 and col. 10, lines 20-33; discloses the 
method of claim 7, further comprising removing, by the management environment, the 
delegate owner token from the access control list and adding a different delegate owner 
token to the access control list. 
As per claim 9: 

Lambert discloses an article comprising: 

a storage medium having a plurality of machine readable instructions, wherein when 
the instructions are executed by a processor, the instructions provide for managing 
authorization tokens within a computer system by creating a master owner token indicating 
an administrative environment has full ownership [of a trusted platform module] \N\th\r\ the 
computer system; (col. 6, lines 1-37 and col.7, lines 55-57) 

creating a delegate owner token for a delegate environment (col.8, lines 10-26 and 40- 
67 and col.22, lines 40- 45) . wherein the delegated environment is an environment to which 
the master owner token is not communicated : (col.4, lines 6-17 and col. 14, line 46 - col. 15, 
line 20) 



Application/ Control Number: 10/686,343 Page 11 

Art Unit: 2435 

communicating the delegate owner tol^en to tlie delegated environment; and (col. 9, 
lines 5-15 and col.22, lines 46-50) 

allowing the delegated environment access [to the trusted platform module] \Nhen the 
delegated environment presents the delegate owner token [to the trusted platform module]. 
(col. 3, line 66 - col.4, line 5 and col. 11, lines 5-35) 

Lambert discloses the claimed master owner token as the parent or normal access 
token that have the ownership or privileges that a restricted token does not. The claimed 
delegate owner token is given as a restricted token that have restricted access or privileges 
removed relative to its parent token (col.4, lines 5-15 and col. 7, lines 54-57). Lambert 
explains the restricted token is derived from a parent token comprises a reduced subset of 
access rights/privileges relative to its parent token by altering (lessening) the access rights 
(col .8, lines 40-67). Lambert discloses the restricted access token have restrictions which 
have certain rights or privileges to determine whether software can run and the executing 
environment in which it will run (col.3, line 66 - col.4, line 18). This shows the restricted token 
is associated with each process which is the claimed environment and enables restricting 
actions by possibly executable software content (col.9, lines 5-15 and col.1 1 , lines 5-35). 
Thus, Lambert does not suggest the parent token is communicated to the delegated 
environment since the focus is the restricted token that is associated to a process/software. 
Hence, Lambert reads on the claimed creating a delegate owner token for a delegated 
environment wherein the delegated environment is an environment to which the master 
owner token is not communicated. However, Lambert did not include a TPM. 
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Challener discloses a method and system for improved security password-based 
access to computer networks. The system comprises a server where the server comprises a 
security chip (col.2, lines 45-49). The invention comprises a security chip, such as a Trusted 
Platform Module (TPM) where a phrase is signed by the security chip using an encryption key 
assigned either to the remote user or the security chip (col.2, lines 1 6-1 8 and 28-32). The 
security chip comprises encryption keys, such as a public key/private key pair assigned to the 
chip (col.2, lines 51-53). Challener discloses a remote user request access to the computer 
network by providing an ID and password to the server (col .3, lines 4-7). The password is 
according to the remote user and for access to the server. Challener discloses the system 
comprising a server (delegated environment) and the remote user password (delegate owner 
token) where the user's password is given to the server and to the security chip (TPM), rather 
than the master token being given to the server (col.4, lines 57-59). Further, Challener 
teaches using a security chip further decreases the exposure to brute force attacks and such 
TPM allow only certain number of unsuccessful entries of a password before a user is locked 
(col.3, lines 24-26). So the user of the security chip enforces protection against hardware 
hammering (col.4, lines 15-19). 

Therefore, it would have been obvious for a person of ordinary skills in the art to 
combine the teachings of Lambert with Challener to teach of a trusted platform module (TPM) 
because using a security chip decrease the exposure to brute force attacks and enforces 
protection against hardware hammering (Challener - col.3, lines 24-26 and col.4, lines 18-19). 
As per claim 10: See Lambert on col.7, lines 26-55; discloses the article of claim 9, further 
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comprising instructions for storing the master owner token in a secure storage within the 

computer system. 

As per claim 1 1 : Cancelled 

As per claim 12: See Lambert on col.8, lines 10-26 and 40-67 and col.22, lines 40- 45; 
discloses the article of claim 9, wherein creating the delegate owner token comprises the 
administrative environment sealing the delegate owner token to the delegated environment. 
As per claim 13: See Lambert on col.4, lines 5-15 and col.8, lines 40-67; discloses the article 
of claim 9, further comprising the master owner token indicating the administrative 
environment can change at least one of the master owner token and the delegate owner 
token. 

As per claim 14: See Lambert on col.9, lines 5-15 and col.11, lines 5-35; discloses the article 
of claim 9, further comprising instructions for launching the administrative environment and 

then launching the delegated environment. 

As per claim 15: See Lambert on col.9, lines 36-67; discloses the article of claim 9, further 
comprising instructions for storing the delegate owner token in an access control list in the 
resource. 

As per claim 16: See Lambert on col.9, lines 36-67 and col. 10, lines 20-33; discloses the 
article of claim 9, further comprising instructions for removing, by the administrative 
environment, the delegate owner token from the access control list and adding a different 
delegate owner token to the access control list. 
As per claim 17: 

Lambert discloses a computer system comprising: 
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a plurality of delegated environments; (col.4, lines 1-4 and col. 15, line 61 - col. 16, line 

24) 

a management environment to create a master owner token indicating the 
management environment has full ownership [of a trusted platform module] w'Ah'm the 
computer system (col. 7, lines 55-57), to create a plurality of delegate owner tokens indicating 
partial ownership (col.8, lines 10-26 and 40-67 and col.22, lines 40- 45) [of the trusted 
platform module], and to communicate a selected one of the plurality of delegate owner 
tokens to a selected one of the plurality of delegated environments (col.9, lines 5-15 and 
col.22, lines 46-50) , wherein the selected one of the plurality of delegated environment is an 
environment to which the master owner token is not communicated : (col.4, lines 6-17 and 
col. 14, line 46 -col. 15, line 20) 

wherein [the trusted platform module] stores delegate owner tokens created by the 
management environment and allows the selected one of the plurality of delegated 
environments access [to the trusted platform module] when the selected one of the plurality 
of delegate owner tokens is presented [to the trusted platform module] by the selected one of 
the plurality of delegated environments, (col.3, line 66 - col.4, line 5 and col.11, lines 5-35) 

Lambert discloses the claimed master owner token as the parent or normal access 
token that have the ownership or privileges that a restricted token does not. The claimed 
delegate owner token is given as a restricted token that have restricted access or privileges 
removed relative to its parent token (col.4, lines 5-15 and col.7, lines 54-57). Lambert 
explains the restricted token is derived from a parent token comprises a reduced subset of 
access rights/privileges relative to its parent token by altering (lessening) the access rights 
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(col .8, lines 40-67). Lambert discloses the restricted access token have restrictions which 
have certain rights or privileges to determine whether software can run and the executing 
environment in which it will run (col.3, line 66 - col.4, line 18). This shows the restricted token 
is associated with each process which is the claimed environment and enables restricting 
actions by possibly executable software content (col.9, lines 5-15 and col.1 1 , lines 5-35). 
Thus, Lambert does not suggest the parent token is communicated to the delegated 
environment since the focus is the restricted token that is associated to a process/software. 
Hence, Lambert reads on the claimed creating a delegate owner token for a delegated 
environment wherein the delegated environment is an environment to which the master 
owner token is not communicated. However, Lambert did not include a TPM. 

Challener discloses a method and system for improved security password-based 
access to computer networks. The system comprises a server where the server comprises a 
security chip (col. 2, lines 45-49). The invention comprises a security chip, such as a Trusted 
Platform Module (TPM) where a phrase is signed by the security chip using an encryption key 
assigned either to the remote user or the security chip (col.2, lines 16-18 and 28-32). The 
security chip comprises encryption keys, such as a public key/private key pair assigned to the 
chip (col.2, lines 51-53). Challener discloses a remote user request access to the computer 
network by providing an ID and password to the server (col.3, lines 4-7). The password is 
according to the remote user and for access to the server. Challener discloses the system 
comprising a server (delegated environment) and the remote user password (delegate owner 
token) where the user's password is given to the server and to the security chip (TPM), rather 
than the master token being given to the server (col.4, lines 57-59). Further, Challener 



Application/ Control Number: 10/686,343 Page 16 

Art Unit: 2435 

teaches using a security chip further decreases the exposure to brute force attacks and such 
TPM allow only certain number of unsuccessful entries of a password before a user is locked 
(col.3, lines 24-26). So the user of the security chip enforces protection against hardware 
hammering (col .4, lines 15-19). 

Therefore, it would have been obvious for a person of ordinary skills In the art to 
combine the teachings of Lambert with Challener to teach of a trusted platform module (TPM) 
because using a security chip decrease the exposure to brute force attacks and enforces 
protection against hardware hammering (Challener - col.3, lines 24-26 and col.4, lines 18-19). 
As per claim 18: See Lambert on col. 7, lines 26-55; discloses a computer system of claim 
1 7, further comprising a secure storage to store the master owner token. 
As per claim 19: Cancelled 

As per claim 20: See Lambert on col.9, lines 36-67 and col. 10, lines 20-33; discloses the 

computer system of claim 19, wherein the trusted platform module comprises an access 
control list for storing the delegate owner tokens received from the management 
environment. 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth In 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until 
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after the end of the THREE-MONTH shortened statutory period, then the shortened statutory 
period will expire on the date the advisory action is mailed, and any extension fee pursuant to 
37 CFR 1 .1 36(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Leynna T. Truvan whose telephone number is (571) 272- 
3851 . The examiner can normally be reached on Monday - Thursday (7:00 - 5:00PM). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status Information for 
unpublished applications Is available through Private PAIR only. For more Information about 
the PAIR system, see http://palr-dlrect.uspto.gov. Should you have questions on access to 
the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 
(toll-free). If you would like assistance from a USPTO Customer Service Representative or 
access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 
571-272-1000. 



/L. T. T./ 

Examiner, Art Unit 2435 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



